misc/187341: CARP addresses in backup state shouldn't be used as source

Onno Molenkamp onno at flox.org
Fri Mar 7 08:40:04 UTC 2014


>Number:         187341
>Category:       misc
>Synopsis:       CARP addresses in backup state shouldn't be used as source
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 07 08:40:02 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator:     Onno Molenkamp
>Release:        10.0
>Organization:
>Environment:
>Description:
Under certain conditions, FreeBSD chooses a CARP address that's in the backup state as source address for outgoing IPv6 traffic. In return, neighbors start sending traffic for the carp address to the backup node instead of the master.

I've seen this happen with neighbor advertisements, but I suppose the backup address may get used for any other type of traffic as well.
>How-To-Repeat:
Configure carp, choose an IPv6 carp address that should be selected as the best source address following the rules in in6_selectsrc() if it hadn't been a carp address, and generate traffic to (another) address of a backup node to make sure it will receive neighbor solicitations that it needs to respond to.

(the neighbor sending the solicitations needs to be using a public address as source address in those packets for the bug to occur, as in6_selectsrc() tries to use an address from the same scope)
>Fix:
I've attached a patch against HEAD that makes in6_selectsrc() always skip backup addresses.

Patch attached with submission follows:

Index: sys/netinet6/in6_src.c
===================================================================
--- sys/netinet6/in6_src.c	(revision 262885)
+++ sys/netinet6/in6_src.c	(working copy)
@@ -99,6 +99,7 @@
 #include <netinet/ip.h>
 #include <netinet/in_pcb.h>
 #include <netinet/ip_var.h>
+#include <netinet/ip_carp.h>
 #include <netinet/udp.h>
 #include <netinet/udp_var.h>
 
@@ -335,6 +336,8 @@
 		}
 		if (!V_ip6_use_deprecated && IFA6_IS_DEPRECATED(ia))
 			continue;
+		if (ia->ia_ifa.ifa_carp && !(*carp_master_p)(&ia->ia_ifa))
+			continue;
 
 		/* If jailed only take addresses of the jail into account. */
 		if (cred != NULL &&
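
Review bot: The new check in the candidate loop calls through the `carp_master_p` function pointer after testing only `ia->ia_ifa.ifa_carp`, so it relies on that pointer being set whenever an address has `ifa_carp` attached; either state that invariant in a comment or also test `carp_master_p != NULL` before the call. The neighbouring checks are commented ("If jailed only take addresses of the jail into account"), and this one should get a one-line comment too, saying that CARP addresses not in master state are skipped as source candidates. Since the `continue` is unconditional, it is also worth confirming the intended result when every remaining candidate is a CARP address in backup state, because the loop would then pick none of them.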


>Release-Note:
>Audit-Trail:
>Unformatted:

